Now let’s make this user sudoer. Create a new file /etc/sudoers.d/my_sudoers

To configure specific user

1

echo"my_user ALL=(ALL) ALL">/etc/sudoers.d/my_sudoers

To configure group you have to put % at the beginning

1

echo"%my_group ALL=(ALL) ALL">/etc/sudoers.d/my_sudoers

Now the user can become sudo, but you cannot log into the user via SSH. Let’s fix that. To file /etc/ssh/sshd_config, add SSH connection access for the user or whole group we created.
For specific user:

1

AllowUsers my_user

For whole group:

1

AllowGroups my_group

In addition, if you want to be able to autheticate as the user using user’s password, we need to setup:

1

2

PasswordAuthentication no

ChallengeResponseAuthentication yes

The ChallengeResponseAuthentication yes is enough to be able to login via password. Difference between these two options is that PasswordAuthentication provides option to pass password as parameter to server in plaintext, whereas the ChallengeResponseAuthentication enables option of interactive password input after the client tunelled secure connection to server. So you better don’t enable PasswordAuthentication unless you have very good reason doing so.
Now restart sshd service and you are done.

1

service sshd restart

You might however want to also private key based authentication. We can generate keys locally and upload to server like

1

ssh-keygen-trsa-C"Some key-pair description"-N""-fmy-key

Which generates public key my-key.pub, private key my-key
Copy public key to /home/your_user/.ssh/rsa_id, easily using

1

ssh-copy-id-imy-key.pubmy_user@1.2.3.4

And test it

1

ssh-imy-key my_user@1.2.3.4

If you are using multiple RSA keys across different servers and you don’t always want to be bother explicitely specifying which one should be used, use ssh-add my-key. Now connecting to server got a whole level simpler, just